At 10:34 AM 12/11/97 -0500, Stacy Millions wrote:
>"Warren Moore"<warren .
moore @
cbis .
com> said:
>
>> Paul McNabb reputedly said:
>>
>> <snip>
>> >
>> >> From: "Craig I. Hagan" <hagan @
cih .
com>
w...maybe by 2021 the desktops will have caught up.
More SNIPPED to save bandwidth
>I think you are overly optimistic :-( The big problem with the stability of
>most of these "new technologies" has more to do with cultural issues than
>technical issues. I would imagine that the "poor old dinosaur mainframes"
>would have a stability problem too, if the users of the systems were able
>to download the latest "cool app" from the net and install it.
>
>Most organizations that I have seen are not willing to spend the amount of
>money need to support a computer on everyone's desk. And why should they?
>After all these are commodity items, like a toaster, you just have to plug
>it in and go. Right? Why do you need all the overhead of change managment,
>QA, etc. for a PC?
>
>I wish M$soft the best of luck with their zero administration initiative,
>I'm just not holding my breath for it to happen.
>
>-stacy
>
Stacy rasies an important point here that I haven't seen discussed much.
The value of "change control" and "authorized applications on the desktop"
can not be stressed enough in a security sense. Allowing users (or at
least not stating a policy against) the unauthorized loading, downloading
and/or execution of company unapproved software from within the secured
enviornment is very important. As a security officer, you spend bucks to
install firewalls, maintain access control lists, force people to change
their passwords, you audit the enviornment, and then let them bring in a
virus, trojan horse or some other nasty.
Firewalls, ACL's, passwords and the like can only do their job if they
aren't undermined by users and/or a lack of policy. Stacy is correct in
that MVS is not something that the user can load stuff onto 'cuz it looks
geewhiz kewl; and the Mainframe has been properly maintained by Systems
Programmers who are trained (gasp!!! not....T-R-A-I-N-I-N-G???!!!).
Allowing users to control their environment space (in a computer sense)
without proper training on how they can affect the whole company is counter
productive to any security implementation.
Steve Kruse
Milkyway Networks
Flames Ignored...comments always welcome.
***********************************************
* jsk347 @
sprynet .
com (Personal E-Mail) *
* skruse @
milkyway .
com (Company E-Mail) *
* http://www.milkyway.com *
***********************************************
Follow-Ups:
References:
|
|
